
BGP AS-Path manipulation

milan.kulik
Level 10

Hello,

one of our BGP neighbours is sending incorrect AS-path inside BGP updates. The content is a mixture of private AS numbers and public ones (including even some owned by other ISPs!).

Does anybody know a way to "clean up" the received AS-Path?

I know the "neighbor ... remove-private-AS" command but it fails on a private/public mixture.

So it seems I'll have to make some BGP-IGP mutual redistribution :-(

Unless some BGP guru would bring some idea...

Thanks,

Milan

11 Replies

Harold Ritter
Cisco Employee

Milan,

Can this neighbor just clean these incorrect AS paths? AS path manipulation, beyond private AS removal, is generally prohibited as it could lead to routing loops.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hi Harold,

we asked them to fix it several times, but it seems like an incompetent provider.

I know such an AS path manipulation would be quite dangerous in the Internet.

But this is a corporate network not advertised to the Internet.

The problem is we are peering with several MPLS providers and one of them sends these incorrect as-paths.

Thanks,

Milan

Milan,

As suggested, you can filter it out or try to remove the AS path by doing mutual redistribution, but this is only a workaround. Another option could be to shop around for a replacement for this SP.

Regards

Harold Ritter

Giuseppe Larosa
Hall of Fame

Hello Milan,

check with them if they are playing with the new 4byte AS number feature.

Using AS numbers of other ISPs is clearly wrong; I think this is an unwanted leakage from a lab to the production network.

Deny these paths and send a mail to them so that no one can blame you for propagating incorrect information in the Internet.

Hope to help

Giuseppe

Hi Giuseppe,

no this is not a leakage from a lab.

This is an incompetent MPLS provider using AS numbers like 1, 100, etc. in his backbone.

Luckily, this is a corporate network not connected to the Internet.

I had been thinking about implementing 4byte AS number feature in our network to mask these AS numbers somehow but didn't find any useful way.

Thanks,

Milan

atyalebipin
Level 1

Hi,

You will have to use ip as-path with regular-expression to match both private & public AS to filter it.

Thanks

Hi,

I can simply filter out the prefixes with incorrect AS path, as I need to route to the subnets advertised (somehow).

Thanks,

Milan

Sorry, a typo.

Should be:

I can't ...

BR,

Milan

Mohamed Sobair
Level 7

Hi Milan,

You will need "AS-Path Regular Expression" to deny the private AS.

Deny those Private-AS numbers using BGP regular expression.

Please have a look at the below document:

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094a92.shtml

HTH

Mohamed

Hi Mohamed,

I can't deny the prefixes.

I need to use them.

I'd need to remove the incorrect AS numbers from the AS-path (replace with correct ones possibly) and send to other BGP neighbours.

But I'm afraid this is impossible without BGP-IGP redistribution.

Thanks,

Milan

Hello Milan,

what about summarizing the routes locally on your router with summary-only option ?

if they have different AS paths they should get a new shorter AS path attribute originated in your legitimate AS

otherwise you can use static routes with object tracking (if supported) and red static in BGP

Hope to help

Giuseppe
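
An added example (not part of the thread and not Cisco code): a Python audit of received AS paths that classifies each one as all-private, mixed or public-only, lists public ASNs outside an expected set, and models the remove-private-AS behaviour Milan describes, where a mixed path is left unchanged. The prefixes, AS 64496 and the function names are constructed for illustration; the private ranges are those of RFC 6996.

```python
import re
# Private-use ASN ranges from RFC 6996 (16-bit and 32-bit).
PRIVATE_RANGES = ((64512, 65534), (4200000000, 4294967294))

def is_private(asn):
    return any(lo <= asn <= hi for lo, hi in PRIVATE_RANGES)

def parse_as_path(text):
    """Parse an AS path as printed in a BGP table, e.g. '64496 65010 100 1 i'.
    Accepts asplain and asdot ('1.10'); the trailing origin code is dropped."""
    path = []
    for tok in text.split():
        if tok in ("i", "e", "?"):
            continue
        m = re.fullmatch(r"(\d+)(?:\.(\d+))?", tok)
        if not m:  # AS_SET braces and anything else are rejected, not guessed at
            raise ValueError(f"unsupported AS path token: {tok!r}")
        asn = int(m[1]) if m[2] is None else int(m[1]) * 65536 + int(m[2])
        path.append(asn)
    return path

def strip_if_all_private(path):
    """Assumed model of the behaviour reported in the thread: private ASNs are
    removed only when the whole path is private; a mixed path is left as is."""
    return [] if path and all(map(is_private, path)) else list(path)

def audit(routes, expected_public):
    """Return {prefix: (kind, unexpected_public_asns, path_after_strip)}."""
    report = {}
    for prefix, text in routes.items():
        path = parse_as_path(text)
        n_private = sum(map(is_private, path))
        kind = ("empty" if not path else "all-private" if n_private == len(path)
                else "mixed" if n_private else "public-only")
        unexpected = [a for a in path if not is_private(a) and a not in expected_public]
        report[prefix] = (kind, unexpected, strip_if_all_private(path))
    return report

# Constructed sample: 64496 is a documentation ASN standing in for the
# provider's real AS; 1 and 100 are the backbone ASNs mentioned in the thread.
SAMPLE = {
    "10.1.0.0/16": "64496 65010 100 1 i",
    "10.2.0.0/16": "65010 64512 i",
    "10.3.0.0/16": "64496 i",
}

if __name__ == "__main__":
    for prefix, row in audit(SAMPLE, {64496}).items():
        print(prefix, *row)
```

Run against paths exported from the BGP table, the "mixed" rows with a non-empty unexpected list are the ones to raise with the provider.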
